Open Bug 1575518 Opened 6 years ago Updated 3 years ago

Parsing Error with Cross-Origin Requests

Categories

(External Software Affecting Firefox :: Other, defect, P3)

Product:
External Software Affecting Firefox
Component:
Other
Type:
defect

Tracking

(firefox69 affected, firefox70 affected, firefox71 affected)

Tracking Flags:
Tracking Status
firefox69 --- affected
firefox70 --- affected
firefox71 --- affected

People

(Reporter: nick.hahn, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0

Steps to reproduce:

I installed the Language Toll plugin and set up my own server according to: http://wiki.languagetool.org/http-server

Then I entered my server(https://languagetool.famhahn.xyz) into the experimental settings of LT.

My web server has the following nginx config:

server {
	listen 80;
	server_name languagetool.example.com;
	return 301 https://languagetool.example.com$request_uri;
}

server {
	listen 443 ssl http2;
	server_name languagetool.example.com;
	ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
	
	
	
	add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
	
	
	ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem; # managed by Certbot
	ssl_stapling on; # managed by Certbot
	ssl_stapling_verify on; # managed by Certbot

	location / {
		add_header "Access-Control-Allow-Origin" *;
        	proxy_pass http://localhost:8010;
		}
}

Actual results:

When I try to use the plugin, it fails with the error Sorry, something went wrong while checking your text (400)
The plugin debug console outputs: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://languagetool.example.com/v2/check?instanceId=84191%3A1565727384820&c=1&v=2.3. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘*, *’).

Now, when I cahnge the Access-Control-Allow-Origin to "," as per error message,
the message changes to:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://languagetool.famhahn.xyz/v2/check?instanceId=33111%3A1565727813232&c=1&v=2.3. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘*, *, *’).

Expected results:

The plugin should have worked as it does in Chromium.

Hello,
I am able to reproduce this issue on all three versions of os Windows 10 x64, Macos 10.14.6 and Linux Ubuntu 18.04.2 using Firefox versions: release 69, beta 70.0b3 or the Nightly build 71.0a1 (2019-09-04).
Using the default settings for the addon will return the correct result every time. After changing to the suggested server indeed it gives the same error "Sorry, something went wrong while checking your text (400)".

I will set a component for this bug so that the development team can answer more accurately to your question, however if it's not the correct one please feel free to change.

Status: UNCONFIRMED → NEW
status-firefox69: --- → affected
status-firefox70: --- → affected
status-firefox71: --- → affected
status-firefox-esr68: --- → affected
Component: Untriaged → Other
Ever confirmed: true
OS: Unspecified → All
Product: Firefox → External Software Affecting Firefox
Hardware: Unspecified → All
Version: 68 Branch → unspecified

The priority flag is not set for this bug.
:marcia, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(mozillamarcia.knous)

Setting this as a P3 for now. If this is an issue with the plugin, I think this bug belongs in this component. If this is Firefox doing something wrong, then this probably belongs in a better component such as Webextensions.

Flags: needinfo?(mozillamarcia.knous)
Priority: -- → P3
Severity: normal normal → S3 S3
You need to log in before you can comment on or make changes to this bug.